locked
How to encrypt querystring in MVC RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-2103146910 posted

    Could anyone guide me on how should I encrypt route parameters (values) in MVC? specially
    1) when I need to display the report (using crystal report) as I have to pass the certain value to action and display pdf file using crystal report. I am calling the action method using window.location.href from javascript.

    2) when I need to access any action with certain parameters


    please tell me the best possible way to do the same.


    with many thanks

    Tuesday, July 9, 2019 7:09 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1038772411 posted

    Hi, m_tack

    public string Encode( string encodeMe )
{
    byte[] encoded = System.Text.Encoding.UTF8.GetBytes( encodeMe );
    return Convert.ToBase64String( encoded );
}

public static string Decode( string decodeMe )
{
    byte[] encoded = Convert.FromBase64String( decodeMe );
    return System.Text.Encoding.UTF8.GetString( encoded );
}

    Please Refer below link that will give you completely solution. kindly please refer it wisely 

    https://stackoverflow.com/questions/14773148/how-to-encrypt-the-query-string-id-in-mvc4-actionlink

    Thanks 

    Tuesday, July 9, 2019 11:18 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-474980206 posted

    that's base64 encode, not encryption. normally you would encrypt then base64 URL encode, as the base64 character set is not valid as a query parameter. .net has several encryption libraries. 

     

    Tuesday, July 9, 2019 3:05 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User765422875 posted

    Are you using ASP.NET Core? If so, you can use IDataProtectionProvider

    https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/consumer-apis/overview?view=aspnetcore-2.2

    Then do something like this in your controller:

     public class YourController : Controller{
     
    IDataProtector dataProtector;

     public YourController(IDataProtectionProvider provider){
         dataProtector = provider.CreateProtector(GetType().FullName);
     }

    [HttpGet]
    public IActionResult Get() {
        
        int id = 567;

        string encryptedId = dataProtector.Protect(id.ToString());

        int decryptedId = 0;

        if(int.TryParse(dataProtector.Unprotect(encryptedId), out decryptedId) == false){
            throw new Exception("Invalid cypher text");
        }

        // decryptedId contains the decrypted value.
 }

    Tuesday, July 9, 2019 7:03 PM